[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: sasl UID mapping

To: openldap-software@OpenLDAP.org
Subject: RE: sasl UID mapping
From: "Medievalist" <ldap@hbcs.org>
Date: Mon, 12 Jan 2004 14:29:18 -0500
Content-description: Mail message body
In-reply-to: <1073903633.1974.11.camel@localhost>
References: <Pine.LNX.4.56.0401120119260.1416@fogarty.jakma.org>

See https://www.redhat.com/support/errata/archives/
and https://rhn.redhat.com/errata/RHSA-2003-417.html

I can't afford the time to run an unsupported operating system; due to 
circumstances beyond my control, I need to be able to load crypto-signed binary 
update patches.  Once the patch is out for a remote root exploit, I need to get 
it onto a test box immediately so that I can thoroughly test it before adding 
it to production servers.  That way I have a fighting chance to avoid either a 
crashed or rooted major server.

In my spare time, I sleep, eat, and spend time with my children.  These are 
activities I do not wish to give up in order to compile source packages.  I 
GREATLY appreciate the efforts of those of you who do work directly with the 
source, because you provide better feedback to the developers than I can, and 
obviously the developers deserve all the support and feedback we can give them.

Incidentally, the Red Hat 9 distributed versions of OpenLDAP, pam-ldap, and nss-
ldap work fine for me (performance is an issue if extremely complex ACLs or 
heavy logging is used, and authconfig is broken, but I can deal with that).  
I'm also testing AS3 now, because of the support issue referenced in the links 
given, and because AS3 includes Samba 3.0 with LDAP.

Under Red Hat 7.3, I could not maintain a stable LDAP-based server for more 
than 400 people, but my guess was that the problems were related more to 
nss_ldap and pam_ldap than to OpenLDAP or ldbm.

Sorry for the drift OT, I will return to lurking now.

--Charlie

On 12 Jan 2004 at 11:33, Tony Earnshaw wrote:
> man, 12.01.2004 kl. 02.21 skrev Paul Jakma:
> 
> > > Indeed. Most people have problems doing much of anything with
> > > RedHat's bundled OpenLDAP. It's obsolete, throw it away.
> 
> I second this.
> 
> > Well, the box is running RH7.3, in itself quite obsolete. I guess 
> > i'll have to dist-upgrade to Fedora which has 2.1.22-8.
> 
> Advice: do *not* "upgrade" to Fedora (an inherently unstable and
> unreliable distro) from RH 7.3 (an inherently stable and reasonably
> reliable distro).
> 
> Either find another, similar, vendor (Mandrake springs to mind) or keep
> your 7.3 and upgrade the Openldap release using source tarballs or
> widely-available rpms (don't forget that you'll need to upgrade to SASL
> 2 and your Berkeley DB at the same time). Obviously you could upgrade to
> a stable RH version such as Enterprise Server 3, but that costs money.
> 
> I write this as a RH aficionado of many years standing :)
> 
> --Tonni
> 
> -- 
> mail: billy - at - billy.demon.nl
> http://www.billy.demon.nl

Follow-Ups:
- RH/FC openldap stability (was RE: sasl UID mapping)
  - From: Paul Jakma <paul@clubi.ie>

References:
- RE: sasl UID mapping
  - From: Paul Jakma <paul@clubi.ie>
- RE: sasl UID mapping
  - From: Tony Earnshaw <tonye@billy.demon.nl>

Prev by Date: Re: o and c or dc?
Next by Date: Re: [JunkMail] BDB corruption on every unclean shutdown
Index(es):
- Chronological
- Thread